krd/linux
1
0
Fork 0
Code Activity

release 6.15.2 (preliminary)

Browse Source
This commit is contained in:
Konstantin Demin
2025-06-18 12:24:58 +03:00
parent 4d2691343a
commit 43dc655d2e
242 changed files with 7729 additions and 32303 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
debian/patches/features/all/security-perf-allow-further-restriction-of-perf_event_open.patch vendored
View File

@@ -22,9 +22,9 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
--- a/include/linux/perf_event.h
+++ b/include/linux/perf_event.h
@@ -1701,6 +1701,11 @@ int perf_cpu_time_max_percent_handler(co
int perf_event_max_stack_handler(const struct ctl_table *table, int write,
void *buffer, size_t *lenp, loff_t *ppos);
@@ -1684,6 +1684,11 @@ extern int sysctl_perf_event_sample_rate
extern void perf_sample_event_took(u64 sample_len_ns);
+static inline bool perf_paranoid_any(void)
+{
@@ -36,7 +36,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -449,8 +449,13 @@ static struct kmem_cache *perf_event_cac
@@ -450,8 +450,13 @@ static struct kmem_cache *perf_event_cac
* 0 - disallow raw tracepoint access for unpriv
* 1 - disallow cpu events for unpriv
* 2 - disallow kernel profiling for unpriv
@@ -48,9 +48,9 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
int sysctl_perf_event_paranoid __read_mostly = 2;
+#endif
/* Minimum for 512 kiB + 1 user control page */
int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */
@@ -12813,6 +12818,9 @@ SYSCALL_DEFINE5(perf_event_open,
/* Minimum for 512 kiB + 1 user control page. 'free' kiB per user. */
static int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024);
@@ -13084,6 +13089,9 @@ SYSCALL_DEFINE5(perf_event_open,
if (err)
return err;
@@ -58,13 +58,13 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+ return -EACCES;
+
/* Do we allow access to perf_event_open(2) ? */
err = security_perf_event_open(&attr, PERF_SECURITY_OPEN);
err = security_perf_event_open(PERF_SECURITY_OPEN);
if (err)
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -51,6 +51,15 @@ config PROC_MEM_NO_FORCE
endchoice
@@ -72,6 +72,15 @@ config MSEAL_SYSTEM_MAPPINGS
For complete descriptions of memory sealing, please see
Documentation/userspace-api/mseal.rst
+config SECURITY_PERF_EVENTS_RESTRICT
+ bool "Restrict unprivileged use of performance events"